{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

National Data Opt-Out Policy

1. Purpose

The purpose of this policy is to outline our domiciliary care service’s commitment to ensuring compliance with the National Data Opt-Out Programme, protecting service users’ rights to control how their confidential patient information is used for research and planning. Our organisation follows Care Inspectorate Wales (CIW) regulations, the General Data Protection Regulation (GDPR) (UK GDPR post-Brexit), the Data Protection Act 2018, and the Caldicott Principles to ensure that service user data is managed lawfully, fairly, and transparently.

Our home care service efficiently manages the National Data Opt-Out process by:

• Ensuring all service users and their families are aware of their rights.
• Implementing clear processes for recording, updating, and respecting opt-out choices.
• Training staff on data protection regulations and service user consent.
• Ensuring compliance with NHS Digital guidance on opt-out preferences.

2. Scope

This policy applies to:

• All service users receiving care from our domiciliary care service.
• All staff, including care workers, supervisors, and managers, who handle service user data.
• Third-party providers, including NHS bodies, research institutions, and data processors.
• Data Protection Officers and Information Governance Leads, responsible for data security.

It covers:

• Understanding the National Data Opt-Out Programme.
• How we record and respect opt-out choices.
• Our legal responsibilities in handling personal data.
• Ensuring compliance with data security and confidentiality principles.

3. Understanding the National Data Opt-Out Programme

The National Data Opt-Out Programme allows individuals to prevent their confidential patient information from being used for research and planning purposes, while still ensuring they receive necessary medical care and direct services.

3.1 What Data Is Covered?

Confidential patient information includes:

• Personal details (e.g., name, date of birth, NHS number).
• Health records and medical conditions.
• Care plans and treatment history.

3.2 What Data Is Not Covered?

Opting out does not affect:

• Direct care and treatment provided by healthcare professionals.
• Data sharing required by law (e.g., safeguarding concerns, public health emergencies).
• Anonymised data used for research where individuals cannot be identified.

4. Recording and Respecting Opt-Out Choices

4.1 Informing Service Users of Their Rights

Our organisation ensures that all service users and families:

• Are provided with clear, accessible information on their data opt-out rights.
• Are given the option to make an informed decision about opting out.
• Can review official NHS guidance on the National Data Opt-Out Programme.

This information is provided:

• During service user assessments and care plan discussions.
• In easy-read formats and translated materials, if required.
• Via our website, printed materials, or staff guidance.

4.2 How Service Users Can Opt Out

Service users who wish to opt out can:

• Register their choice online via the NHS website.
• Call the NHS Digital contact centre for assistance.
• Request support from a family member or advocate if they lack digital access.

If a service user expresses their decision to opt out, we will:

• Record their preference in their care plan.
• Update internal systems to reflect their opt-out status.
• Ensure data is not shared for research and planning purposes.

4.3 Managing Opt-Out Preferences

To ensure compliance, our organisation will:

• Check NHS Digital’s National Data Opt-Out system before sharing service user data.
• Update our records regularly to reflect service user choices.
• Respect changes in opt-out status if a service user later decides to opt in or opt out.

5. Legal Responsibilities and Compliance

5.1 Our Legal Obligations

Our organisation complies with:

• The Data Protection Act 2018 (UK GDPR).
• The Caldicott Principles, ensuring data is used appropriately.
• NHS Digital’s National Data Opt-Out requirements.
• CIW guidance on confidentiality and data sharing.

We ensure that service user information is:

• Processed fairly, lawfully, and transparently.
• Only shared when necessary and in line with consent.
• Kept secure, with strict access controls.

5.2 Handling Data Requests from External Organisations

If an external organisation requests service user data for research or planning purposes, we will:

1. Verify whether the service user has opted out.
2. Ensure all data sharing is legally compliant.
3. Obtain explicit consent if the request falls outside of National Data Opt-Out scope.

Failure to comply with data protection laws may result in:

• Regulatory action from CIW or the Information Commissioner’s Office (ICO).
• Fines and penalties under the UK GDPR.
• Reputational damage to the organisation.

6. Data Security and Confidentiality

6.1 Secure Data Storage and Processing

To ensure data security:

• All digital records are encrypted and password-protected.
• Access to service user data is restricted to authorised personnel only.
• Paper records are securely stored and disposed of appropriately.

6.2 Staff Responsibilities

All staff must:

• Complete mandatory data protection training.
• Follow strict protocols when accessing, sharing, or storing data.
• Report any data breaches immediately to the Data Protection Officer ({{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}}).

Failure to adhere to data protection policies may result in disciplinary action under the Disciplinary and Grievance Policy (DCW31).

7. Staff Training and Awareness

All staff must receive:

• Mandatory GDPR and data protection training, including National Data Opt-Out compliance.
• Refresher training on handling confidential information.
• Guidance on discussing opt-out options with service users.

8. Monitoring and Compliance with CIW Standards

To ensure compliance, we will:

• Conduct regular audits of data-sharing practices.
• Monitor feedback from service users regarding their opt-out choices.
• Report compliance with NHS Digital and CIW data protection requirements.

9. Related Policies

This policy should be read alongside:

• Confidentiality and Data Protection (GDPR) Policy (DCW34).
• Service User Consent Policy (DCW32).
• Whistleblowing (Speaking Up) Policy (DCW29).
• Risk Management and Assessment Policy (DCW18).
• Safeguarding Adults from Abuse and Improper Treatment Policy (DCW13).

10. Policy Review

This policy will be reviewed annually or sooner if required due to updates in legislation, NHS Digital guidance, or CIW regulations. The Registered Manager is responsible for ensuring compliance.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.